{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T13:07:44.470","vulnerabilities":[{"cve":{"id":"CVE-2023-46668","sourceIdentifier":"security@elastic.co","published":"2023-10-26T00:15:12.150","lastModified":"2024-11-21T08:29:01.693","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts."},{"lang":"es","value":"Si Elastic Endpoint (v7.9.0 - v8.10.3) está configurado para usar una opción no predeterminada en la que el nivel de log está configurado explícitamente en debug, y cuando Elastic Agent está configurado simultáneamente para recopilar y enviar esos registros a Elasticsearch, entonces las claves de API del Agente Elastic se pueden ver en Elasticsearch en texto plano. Estas claves API podrían usarse para escribir datos arbitrarios y leer artefactos de usuario de Elastic Endpoint."}],"metrics":{"cvssMetricV31":[{"source":"security@elastic.co","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security@elastic.co","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elastic:endpoint:*:*:*:*:*:*:*:*","versionStartIncluding":"7.9.0","versionEndIncluding":"8.10.3","matchCriteriaId":"542BBFE6-D7B0-4956-BDFB-F83E3B188F93"}]}]}],"references":[{"url":"https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203","source":"security@elastic.co","tags":["Release Notes"]},{"url":"https://www.elastic.co/community/security","source":"security@elastic.co","tags":["Mitigation","Vendor Advisory"]},{"url":"https://discuss.elastic.co/t/endpoint-v8-10-4-security-update/345203","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://www.elastic.co/community/security","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}